Response to Amendment

This Office Action is in response to a communication made on June 27, 2007. 
Claims 7-8, 12, 14, and 16 have been amended. 
Claims 1-6, 9, 13, and 15 have been cancelled. 
Claim 17 has been newly added. 

Claims 7-8, 10-12, 14, 16, and 17 are pending in this application. 



Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 7 and 14 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. Claims 7 and 14 include the limitations of "defining a 
third port of a server application for receiving at least one message with a second 
security level" and "deleting any message sent to the third port regardless of a security 
level." These two limitations seem to conflict: it is unclear how a port can receive a
message of a second security level while also deleting any message sent to the
same port regardless of security level.

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 7-8, 10-12, 14, 16, and 17 are rejected under 35 U.S.C. 103(a) as
being unpatentable over Feigen in view of Coile (6473406), and in
further view of Winiger (5845068).

Regarding claim 7, Feigen teaches a method for allowing a client application to 
establish, in a client network, a first connection having a first security level with a first 
port of a server application hosted in a server machine linked to a server network, in 
order to send messages addressed to the server machine, said messages passing from 
the client network to the server network through a network layer of a gateway machine 
(Figure 3, security server is the gateway), the method comprising: 

creating a second port in the gateway machine; 

rerouting to the second port of the gateway machine, by ordering the network 
layer of the gateway any message sent and addressed to the first port of the server 
machine (Column 4, lines 4-11); 

listening to the second port to detect a request to establish said first connection 
(Column 4, lines 12-19) and; 

generating, in the gateway machine, a thread which establishes said first 
connection (Column 4, lines 22 - 31).

Feigen does not explicitly indicate that any addressed message to the first port is 
received at the second port, and creating based on the message a connection with the 
first port of the server application or defining a third port of the server application for
receiving at least one of the messages with a second security level; and deleting, by 
ordering the network layer (CR) of the gateway machine, any message sent to the third 
port regardless of a security level of said message sent to the third port. 

Coile teaches a system of providing transparent message security and filtering 
which includes any addressed message to the first port is received at the second port, 
and creating based on the message a connection with the first port of the server 
application (Column 8, lines 49 - 67). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Coile's teaching of transparency in Feigen so that the client 
never has to act according to any packet filtering and separate security issues, and only 
operate as if using the first server. 

Winiger teaches defining a third port of the server application for receiving at 
least one of the messages with a second security level (Column 4, line 67 - Column 5, 
line 4) deleting by ordering the network layer of the gateway machine any message sent 
to the third port (Column 6, lines 6 - 9). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Winiger's teaching of multiple security classification levels in 
Feigen's system in order to allow certain resources to be accessed by only certain
clearance levels, which increases security and blocks invalid attempts at resources
for which clearance has not been granted.

Regarding claims 10 and 11, Feigen teaches a method according to claims 7
and 8, wherein said creating and rerouting are executed automatically by a first process 
of the gateway machine and said first process generates a second process that 
executes said listening and generating (Column 4, lines 12-31). 

Regarding claim 14, Feigen teaches a method for allowing a client application to 
establish in a client network a first connection having a first security level, directly with a 
first port of a server application hosted in a server machine linked to a server network, in 
order to send messages addressed to the server machine, said messages passing from 
the client network to the server network through a network layer of a gateway machine 
(Figure 3, security server is the gateway), the method comprising: 

generating, in the gateway machine, a thread which establishes said first 
connection; and 

activating, in the gateway machine, a secure application proxy that reroutes the 
messages from the first connection, in a way that is transparent to the client application 
(Column 4, lines 4-11), so as to establish a second connection having a second 
security level with the server application, said second connection being unknown to said 
client application (Column 4, lines 22 - 31), 

wherein said generating is performed in response to the detection of the request 
addressed to the first port of the server application to establish said first connection. 

Feigen does not explicitly indicate that any addressed message to the first port is 
received at the second port, and creating based on the message a connection with the 
first port of the server application or defining a third port of the server application for 
receiving at least one of the messages with a second security level; and deleting, by
ordering the network layer (CR) of the gateway machine, any message sent to the third 
port regardless of a security level of said message sent to the third port. 

Coile teaches a system of providing transparent message security and filtering 
which includes any addressed message to the first port is received at the second port, 
and creating based on the message a connection with the first port of the server 
application (Column 8, lines 49 - 67). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Coile's teaching of transparency in Feigen so that the client 
never has to act according to any packet filtering and separate security issues, and only 
operate as if using the first server. 

Winiger teaches defining a third port of the server application for receiving at 
least one of the messages with a second security level (Column 4, line 67 - Column 5, 
line 4) deleting by ordering the network layer of the gateway machine any message sent 
to the third port (Column 6, lines 6 - 9). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Winiger's teaching of multiple security classification levels in 
Feigen's system in order to allow certain resources to be accessed by only certain
clearance levels, which increases security and blocks invalid attempts at resources
for which clearance has not been granted.

Regarding claim 8, Feigen teaches a method according to claim 7. 
Feigen does not explicitly indicate said thread comprises:

establishes said first connection in a first phase with the first security level in a
first interface associated with the second port and with said request; 

establishes in a second phase a second connection with the second level of 
security in a second interface to the third port in the server machine; 

writes with the second security level in the second interface any message read in 
the first interface with the first security level in a third phase, and 

writes with the first security level in the first interface any message read in the 
second interface with the second security level in a fourth phase.

Winiger teaches whereas said thread comprises: 

establishes said first connection in a first phase with a first security level in a first 
interface associated with the second port and with said request; 

establishes in a second phase a second connection with a second level of 
security in a second interface to the third port in the server machine (Column 4, line 67 
- Column 5, line 6, where the system allows a new connection to open and request a 
socket of the server application, if the socket is open it allows a new connection to be 
made at a specified security level, which can be different than a previously opened
socket or port which is operating at a completely separate security layer or label); 

writes with the second security level in the second interface any message read in 
the first interface with the first security level in a third phase, and; 

writes with the first security level in the first interface any message read in the 
second interface with the second security level in a fourth phase (Column 5, lines 10 -
14; Column 4, lines 44 - 51 where when the system opens a socket at a certain security
level it responds with a response that contains the identification of the security level
in the response header).

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Winiger's teaching of multiple security classification levels in 
Feigen's system in order to allow certain resources to be accessed by only certain
clearance levels, which increases security and flexibility. 

Regarding claim 12, Feigen teaches a method according to claim 9, further 
comprising automatically executing the steps of creating, rerouting and deleting by a 
first process of the gateway machine and generating by said first process a second 
process that executes the steps of listening and generating a thread (Column 4, lines
12-31).

Regarding claim 16, Feigen teaches a method according to claim 14, further 
comprising: automatically executing said creating and rerouting, by a first process of 
the gateway machine, and generating, by said first process, a second process that 
executes said listening and generating (Column 4, lines 12-31).

Regarding claim 17, Feigen teaches a method according to claim 16, further 
comprising: automatically executing said deleting by said first process of the gateway 
machine (Column 4, lines 12 - 31). 

Response to Arguments 

Applicant's arguments filed June 27, 2007 have been fully considered but they 
are not persuasive. The applicant argues that the reference, Winiger, does not teach 
deleting every message sent to port 3 regardless of the security level. The examiner
disagrees: as shown in the 112 rejection to the independent claims, it is unclear
how the port can be open to receive messages of a second security level while also
deleting any message sent to that port regardless of any security level, so the examiner
must use his best interpretation of the claim in attempting a proper rejection. It would make
most sense to the examiner that, if the port is opened for a particular security level, it should
send those messages that are to be received at the port, while all other security levels
are deleted. Winiger shows this functionality in Column 4, line 67 - Column 5, line 4;
Column 6, lines 6-9.

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kevin Bates whose telephone number is (571) 272-3980.
The examiner can normally be reached on 9 am - 5 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




KB 

July 16, 2007 



